Today’s attackers are increasingly sophisticated, managing to access the necessary resources to use leading technologies, including Cloud and Artificial Intelligence. But, on the other side of the barricade, public and private organizations rely on the same IT silos lacking interconnectivity, supported by heterogeneous solutions. In addition, in most cases, IT departments do not have specialized resources on IT security. In this context, companies need Threat Intelligence, a new approach that relies on the collection, processing, and analysis of data to understand the motivation, targets, and behavior of attackers.
Present at the seminar “THE GLOBAL THREAT LANDSCAPE” organized by Datanet Systems, Valentine Ouaki, Strategic Threat Advisor for Southeast Europe at CrowdStrike, stated that:
”in today’s cyber security, the key element is knowing the adversary, his motivation, tactics, and techniques used. Only in this way can a company have a correct perspective on threats, to be able to quickly adapt its protection measures and react in a timely manner.”
Using “threat intelligence”, allows companies to better understand the risks associated with cyber security and move from a reactive to a proactive behavior in the fight against attackers.
Knowing your adversaries through Threat Intelligence
In recent years, the motivation behind cyber-attacks has changed profoundly. However, because over 60% of security breaches are malware-free, identifying attackers and their motives are becoming increasingly difficult. This is why Threat Intelligence services are the only way to gather information about attackers and prepare adequate protection. There are currently three broad categories of attackers:
- Hackers, who represent the interests of a nation and who mainly target public institutions and critical infrastructure. They have become very active in the current geopolitical context and are supported by both Russia (focus on public institutions and energy networks) and China (focus on industrial espionage, especially on technological objectives, theft of intellectual property, and the creation of currents of opinion);
- Cybercrime groups, mainly motivated by financial gain through data theft and rewards demand. These groups are responsible for the 82% increase in Ransomware and DataExtortion attacks in 2021.
- Hacktivists or hackers with ideological or political motivation. They frequently use DDoS attacks to block the websites of public or private organizations. The Killnet group, responsible for several attacks against European and American entities, is the best known.
According to the Threat Intelligence data collected by CrowdStrike, Romania is exposed to all these categories, information that can be confirmed, moreover, through the official communications of the authorities. However, CrowdStrike reports show that most of the time, these groups collaborate in a “spider” type structure to achieve better results and have specific objectives depending on the region or country.
In general, attacks are coordinated by several groups and very rarely carried out in isolation. The tasks within a web spider are well-defined. Some members (access brokers) are in charge of obtaining initial access to an organization’s resources, by compromising the networks, exploiting the vulnerabilities, and collecting the primary data. They sell the opportunities to other members of the group, who actually generate the breaches and then monetize the stolen data or demand ransom for the encrypted IT systems.
According to CrowdStrike, there is a real trade within these groups, with buyers and sellers posting offers of attack opportunities and stolen data sets. A “cybercrime as a service” ecosystem, is more efficient than the traditional security approaches that have a lower effect.
Proactive protection with CrowdStrike
CrowdStrike has adapted to this landscape, transforming itself from a niche provider of “incident response” into a pioneer which unified Next-Generation antivirus solutions with Endpoint Detection and Response and 24/7 Threat Intelligence and Threat Hunting services, in a single and unified platform. CrowdStrike functionality is delivered through a light agent that uses less than 1% of system resources and connects to cloud services.
Most of the functionalities added to the platform are developed in-house, and the Threat Intelligence’s footprint was enriched by the acquisition of companies such as Humio, which is specialized in advanced log-management solutions.
A service that exploits Threat Intelligence is Digital Risk Monitoring. CrowdStrike specialists constantly monitor sources in the dark web and deliver early alerts to beneficiaries if the name of the company or business partners, the field of activity, or the country appears in information exchanges between cybercrime groups. This information helps companies understand their industry-specific cybercrime landscape, attackers, and attack tools and types.
Additionally, CrowdStrike offers CrowdStrike Falcon, an EDR solution (Endpoint Detection and Response), focusing on the protection of terminal equipment, by proactively blocking security breaches. The solution automatically collects and correlates data from all levels of security: workstation, email, server, cloud, and network, and equally covers Windows, Mac, and multiple Linux distributions.
”The CrowdStrike platform provides an overview of the IT system and allows security managers to identify the concrete way of using any resources. Moreover, the platform generates reports that evaluate the level of risk and potential impact and makes recommendations on the measures to be adopted. It’s a real help to stay one step ahead of attackers through an effective correlation between intelligence and technology,” mentioned Tomica Mozina , Regional Alliances Manager at CrowdStrike.
Moreover, the mix of intelligence and technology is the main differentiator for CrowdStrike, backed-up by many of the company’s experts that are former employees of investigative agencies (the FBI, for example). Thus, CrowdStrike manages to deliver not just a cyber security tool, but a flexible and proactive way of working adapted to today’s cybercrime landscape.
Datanet Systems,as a member of Soitron Group, is a CrowdStrike partner and can provide you with technical information about Falcon solutions, and the support needed to put them into production and maximize the security of your organization..